npm - @wazobiatech/auth-middleware - Versions diffs - 1.0.7 → 1.0.9 - Mend

@wazobiatech/auth-middleware 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/README.md +1 -11
package/dist/middlewares/express.helper.d.ts +1 -1
package/dist/middlewares/express.helper.d.ts.map +1 -1
package/dist/middlewares/express.helper.js +2 -2
package/dist/middlewares/express.helper.js.map +1 -1
package/dist/middlewares/gql.helper.d.ts +56 -7
package/dist/middlewares/gql.helper.d.ts.map +1 -1
package/dist/middlewares/gql.helper.js +177 -31
package/dist/middlewares/gql.helper.js.map +1 -1
package/dist/middlewares/jwt.guard.d.ts +1 -1
package/dist/middlewares/jwt.guard.d.ts.map +1 -1
package/dist/middlewares/jwt.guard.js +23 -22
package/dist/middlewares/jwt.guard.js.map +1 -1
package/dist/middlewares/project.guard.d.ts +38 -13
package/dist/middlewares/project.guard.d.ts.map +1 -1
package/dist/middlewares/project.guard.js +245 -95
package/dist/middlewares/project.guard.js.map +1 -1
package/dist/nestjs/decorators/auth.decorator.d.ts +42 -1
package/dist/nestjs/decorators/auth.decorator.d.ts.map +1 -1
package/dist/nestjs/decorators/auth.decorator.js +67 -2
package/dist/nestjs/decorators/auth.decorator.js.map +1 -1
package/dist/nestjs/guards/project.guard.d.ts +24 -22
package/dist/nestjs/guards/project.guard.d.ts.map +1 -1
package/dist/nestjs/guards/project.guard.js +258 -114
package/dist/nestjs/guards/project.guard.js.map +1 -1
package/dist/nestjs/index.d.ts +1 -1
package/dist/nestjs/index.d.ts.map +1 -1
package/dist/nestjs/index.js +16 -3
package/dist/nestjs/index.js.map +1 -1
package/dist/nestjs/jwt-auth.module.d.ts +6 -0
package/dist/nestjs/jwt-auth.module.d.ts.map +1 -1
package/dist/nestjs/jwt-auth.module.js +34 -7
package/dist/nestjs/jwt-auth.module.js.map +1 -1
package/dist/nestjs/strategies/jwt-strategy.d.ts +1 -1
package/dist/nestjs/strategies/jwt-strategy.d.ts.map +1 -1
package/dist/nestjs/strategies/jwt-strategy.js +31 -59
package/dist/nestjs/strategies/jwt-strategy.js.map +1 -1
package/dist/types/jwt-payload.d.ts +93 -20
package/dist/types/jwt-payload.d.ts.map +1 -1
package/dist/utils/redis.connection.d.ts +10 -0
package/dist/utils/redis.connection.d.ts.map +1 -1
package/dist/utils/redis.connection.js +108 -12
package/dist/utils/redis.connection.js.map +1 -1
package/package.json +3 -7

package/dist/nestjs/decorators/auth.decorator.js CHANGED Viewed

@@ -1,10 +1,75 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.SERVICE_SCOPES_KEY = exports.USER_SCOPES_KEY = exports.PROJECT_SCOPES_KEY = void 0;
 exports.ProjectAndUserAuth = ProjectAndUserAuth;
+exports.ProjectAuth = ProjectAuth;
+exports.UserAuth = UserAuth;
+exports.ServiceAuth = ServiceAuth;
 const common_1 = require("@nestjs/common");
 const project_guard_1 = require("../guards/project.guard");
 const jwt_guard_1 = require("../guards/jwt-guard");
-function ProjectAndUserAuth() {
-    return (0, common_1.applyDecorators)((0, common_1.UseGuards)(jwt_guard_1.JwtAuthGuard, project_guard_1.ProjectAuthGuard));
+// Metadata keys for scopes
+exports.PROJECT_SCOPES_KEY = 'project_scopes';
+exports.USER_SCOPES_KEY = 'user_scopes';
+exports.SERVICE_SCOPES_KEY = 'service_scopes';
+/**
+ * Requires both User token (Authorization header) AND Project/Platform token (x-project-token header)
+ * Use for: Operations needing both user and project context
+ *
+ * @param options - Optional scopes for project and user
+ * @example
+ * @ProjectAndUserAuth({ projectScopes: ['billing:read'], userScopes: ['invoices:create'] })
+ */
+function ProjectAndUserAuth(options) {
+    const decorators = [(0, common_1.UseGuards)(jwt_guard_1.JwtAuthGuard, project_guard_1.ProjectAuthGuard)];
+    if (options?.projectScopes) {
+        decorators.push((0, common_1.SetMetadata)(exports.PROJECT_SCOPES_KEY, options.projectScopes));
+    }
+    if (options?.userScopes) {
+        decorators.push((0, common_1.SetMetadata)(exports.USER_SCOPES_KEY, options.userScopes));
+    }
+    return (0, common_1.applyDecorators)(...decorators);
+}
+/**
+ * Requires only Project/Platform token (x-project-token header)
+ * Use for: Project management, admin operations
+ *
+ * @param scopes - Optional required scopes
+ * @example
+ * @ProjectAuth(['projects:write', 'users:manage'])
+ */
+function ProjectAuth(scopes) {
+    const decorators = [(0, common_1.UseGuards)(project_guard_1.ProjectAuthGuard)];
+    if (scopes && scopes.length > 0) {
+        decorators.push((0, common_1.SetMetadata)(exports.PROJECT_SCOPES_KEY, scopes));
+    }
+    return (0, common_1.applyDecorators)(...decorators);
+}
+/**
+ * Requires only User token (Authorization header)
+ * Use for: User profile operations (me, updateMe, deleteMe)
+ *
+ * @param scopes - Optional required permissions
+ * @example
+ * @UserAuth(['users:delete'])
+ */
+function UserAuth(scopes) {
+    const decorators = [(0, common_1.UseGuards)(jwt_guard_1.JwtAuthGuard)];
+    if (scopes && scopes.length > 0) {
+        decorators.push((0, common_1.SetMetadata)(exports.USER_SCOPES_KEY, scopes));
+    }
+    return (0, common_1.applyDecorators)(...decorators);
+}
+/**
+ * Requires service token (x-project-token header with type: 'service')
+ * Use for: Service-to-service operations
+ *
+ * @param scopes - Required service scopes
+ * @example
+ * @ServiceAuth(['tokens:create', 'users:read'])
+ */
+function ServiceAuth(scopes) {
+    return (0, common_1.applyDecorators)((0, common_1.UseGuards)(project_guard_1.ProjectAuthGuard), // Reuses same guard, checks for service token
+    (0, common_1.SetMetadata)(exports.SERVICE_SCOPES_KEY, scopes));
 }
 //# sourceMappingURL=auth.decorator.js.map

package/dist/nestjs/decorators/auth.decorator.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.decorator.js","sourceRoot":"","sources":["../../../src/nestjs/decorators/auth.decorator.ts"],"names":[],"mappings":"~~;;AAIA~~,~~gDAEC~~;~~AAND~~,~~2CAA4D~~;~~AAC5D~~,2DAA2D;AAC3D,mDAAmD;AAEnD,SAAgB,kBAAkB;~~IAChC~~,OAAO,IAAA,wBAAe,EAAC,IAAA,kBAAS,EAAC,wBAAY,EAAE,gCAAgB,CAAC,CAAC,CAAC;~~AACpE~~,CAAC"}
1	+ {"version":3,"file":"auth.decorator.js","sourceRoot":"","sources":["../../../src/nestjs/decorators/auth.decorator.ts"],"names":[],"mappings":";;;AAiBA,gDAeC;AAUD,kCAQC;AAUD,4BAQC;AAUD,kCAKC;AAnFD,2CAAyE;AACzE,2DAA2D;AAC3D,mDAAmD;AAEnD,2BAA2B;AACd,QAAA,kBAAkB,GAAG,gBAAgB,CAAC;AACtC,QAAA,eAAe,GAAG,aAAa,CAAC;AAChC,QAAA,kBAAkB,GAAG,gBAAgB,CAAC;AAEnD;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,OAGlC;IACC,MAAM,UAAU,GAAG,CAAC,IAAA,kBAAS,EAAC,wBAAY,EAAE,gCAAgB,CAAC,CAAC,CAAC;IAE/D,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;QAC3B,UAAU,CAAC,IAAI,CAAC,IAAA,oBAAW,EAAC,0BAAkB,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;QACxB,UAAU,CAAC,IAAI,CAAC,IAAA,oBAAW,EAAC,uBAAe,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,IAAA,wBAAe,EAAC,GAAG,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,WAAW,CAAC,MAAiB;IAC3C,MAAM,UAAU,GAAG,CAAC,IAAA,kBAAS,EAAC,gCAAgB,CAAC,CAAC,CAAC;IAEjD,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,UAAU,CAAC,IAAI,CAAC,IAAA,oBAAW,EAAC,0BAAkB,EAAE,MAAM,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,IAAA,wBAAe,EAAC,GAAG,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,QAAQ,CAAC,MAAiB;IACxC,MAAM,UAAU,GAAG,CAAC,IAAA,kBAAS,EAAC,wBAAY,CAAC,CAAC,CAAC;IAE7C,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,UAAU,CAAC,IAAI,CAAC,IAAA,oBAAW,EAAC,uBAAe,EAAE,MAAM,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,IAAA,wBAAe,EAAC,GAAG,UAAU,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,WAAW,CAAC,MAAgB;IAC1C,OAAO,IAAA,wBAAe,EACpB,IAAA,kBAAS,EAAC,gCAAgB,CAAC,EAAE,8CAA8C;IAC3E,IAAA,oBAAW,EAAC,0BAAkB,EAAE,MAAM,CAAC,CACxC,CAAC;AACJ,CAAC"}

package/dist/nestjs/guards/project.guard.d.ts CHANGED Viewed

@@ -1,45 +1,47 @@
 import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
 export declare class ProjectAuthGuard implements CanActivate {
+    private reflector;
     private readonly logger;
-    private jwksCacheKey;
+    private serviceJwksCacheKey;
     private jwksCacheTTL;
-    constructor();
+    private readonly serviceName;
+    constructor(reflector: Reflector);
     canActivate(context: ExecutionContext): Promise<boolean>;
+    /**
+    * Check scopes based on decorator metadata
+    */
+    private checkScopes;
     /**
      * Extract request object from different NestJS contexts
      */
     private getRequest;
     /**
-     * Validate project token using cached JWKS + RSA verification
+     * Handle platform token
      */
-    private validateProjectToken;
+    private handlePlatformToken;
     /**
-     * Get RSA public key from cached JWKS (with 5+ hour caching)
+     * Handle project token
      */
-    private getPublicKeyFromCache;
-    /**
-   * Get current project secret version from Redis (cached by Mercury)
-   */
-    private getCurrentProjectSecretVersion;
+    private handleProjectToken;
     /**
-     * Fetch JWKS from Mercury and cache in Redis
+     * Handle service token
      */
-    private fetchAndCacheJWKS;
+    private handleServiceToken;
+    private validateToken;
+    private validatePlatformToken;
+    private validateProjectToken;
+    private validateServiceToken;
     /**
-     * Decode JWT header to extract kid
+     * Get RSA public key from cached JWKS with auto-refresh on key miss
      */
+    private getPublicKeyFromCache;
+    private getCurrentSecretVersion;
+    private fetchAndCacheJWKS;
     private decodeJwtHeader;
-    /**
-     * Update JWKS cache TTL (can be increased beyond 5 hours)
-     */
+    private decodeJwtPayload;
     setCacheTTL(seconds: number): void;
-    /**
-     * Manually refresh JWKS cache
-     */
     refreshJWKSCache(): Promise<void>;
-    /**
-     * Cleanup Redis connection (called on app shutdown)
-     */
     onApplicationShutdown(): Promise<void>;
 }
 //# sourceMappingURL=project.guard.d.ts.map

package/dist/nestjs/guards/project.guard.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"project.guard.d.ts","sourceRoot":"","sources":["../../../src/nestjs/guards/project.guard.ts"],"names":[],"mappings":"~~AAAA~~,OAAO,EAEL,WAAW,EACX,gBAAgB,~~EAGjB~~,MAAM,gBAAgB,CAAC;~~AAQxB~~,qBACa,gBAAiB,YAAW,WAAW;~~IAClD~~,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqC;IAC5D,OAAO,CAAC,~~YAAY~~,CAAwB;~~IAC5C~~,OAAO,CAAC,YAAY,CAAS~~;;IAIvB~~,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;~~IAiF9D~~;;OAEG;IACH,OAAO,CAAC,UAAU;IAalB;;OAEG;~~YACW~~,~~oBAAoB~~;~~IAoElC~~;;OAEG;~~YACW~~,~~qBAAqB~~;~~IAyCnC~~;;~~KAEC~~;~~YACa~~,~~8BAA8B~~;~~IAuB5C~~;;OAEG;YACW,iBAAiB;~~IA8D~~/B~~;;OAEG;IACH~~,OAAO,CAAC,eAAe;IAUvB~~;;OAEG~~;~~IACH~~,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;~~IAKlC;;OAEG;IACG~~,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;~~IAKvC;;OAEG;IACG~~,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;CAM7C"}
1	+ {"version":3,"file":"project.guard.d.ts","sourceRoot":"","sources":["../../../src/nestjs/guards/project.guard.ts"],"names":[],"mappings":"AACA,OAAO,EAEL,WAAW,EACX,gBAAgB,EAKjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAiBzC,qBACa,gBAAiB,YAAW,WAAW;IAMtC,OAAO,CAAC,SAAS;IAL7B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqC;IAC5D,OAAO,CAAC,mBAAmB,CAAwB;IACnD,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;gBAEjB,SAAS,EAAE,SAAS;IAKlC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IAqE9D;;MAEE;IACF,OAAO,CAAC,WAAW;IA8FnB;;OAEG;IACH,OAAO,CAAC,UAAU;IAalB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAiB3B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAgC1B;;OAEG;IACH,OAAO,CAAC,kBAAkB;YAsBZ,aAAa;YAoCb,qBAAqB;YAsBrB,oBAAoB;YA+BpB,oBAAoB;IAYlC;;OAEG;YACW,qBAAqB;YAuErB,uBAAuB;YAmBvB,iBAAiB;IA0D/B,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,gBAAgB;IAgBxB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAK5B,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAIjC,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;CAM7C"}